This innovative new solution addresses three strategic imperatives—being visibility-driven, threat focused, and platform-based. In this post, we will examine the necessity of a foundation of full contextual awareness and visibility—to see everything in an environment, detect multi-vector threats and eliminate the visibility gaps in traditional defenses comprised of disparate point technologies that sophisticated attackers exploit.

In an aptly titled recent post from Joseph O’Laughlin, “You Cannot Protect What You Can’t See,” he discusses why visibility (and subsequent control) into only applications and users is no longer enough to protect today’s dynamic environments and outlines how visibility into the network enables better network protection. This core concept of visibility into the network is at the heart of Cisco ASA with FirePOWER Services (and our Next-Generation Intrusion Prevention Systems too) that sets it apart from all other network security competitors.

While NGFWs have captured lots of industry attention for their ability to provide access controls on applications and users, visibility is what is most key to protect dynamic, changing environments. In an era of sophisticated threats, a visibility-driven approach requires insight into all users, mobile devices, client side applications, operating systems, virtual machine-to-machine communications, vulnerabilities, threats, and URLs. This provides real-time contextual awareness, gives network defenders a holistic view of the network, makes it easier to pinpoint suspicious behavior when it happens and is vital to identifying malware. It is a necessity for every modern NGFW.

Cisco ASA now addresses modern requirements for unprecedented network visibility with full contextual awareness into users, mobile devices, client-side applications, operating systems, virtual machine-to-machine communications, vulnerabilities, threats, and URLs to let in trusted users and keep the trespassers and unwanted guests out of networks. Our solution provides Application Visibility and Control for over 3,000 applications and sub-applications to minimize risky activity on networks. Cisco ASA monitors all the assets in network and passively gathers detailed activity information. FireSIGHT then correlates this intelligence to display comprehensive information in a single console, including threats, users, applications, file transfers, and much more.

Cisco ASA is the first and only NGFW to include Indicators of Compromise correlation from both network and endpoint.

With full understanding of who the good guys are and their expected behavior, FireSIGHT can rout out unexpected activity and derive holistic, multi-vector indicators of compromise (IoCs) that correlate detailed network and endpoint event intelligence and provide further visibility into malware infections. IoCs ensure that network defenders focus on the top suspicious behaviors to quickly identify sources of infection, malware trajectory inside the network, and root cause determination to aid quick remediation and maximize security effectiveness. We’ll talk more about using contextual awareness for threat correlation and automated policy tuning in a future post.

The Best Choice for Next Generation Firewall

Cisco ASA provides the complete visibility and control to protect businesses. Our solution integrates a powerful suite of capabilities to comprehensively observe, detect, and remediate intrusions and ensure no further infections occur. This visibility and context serves as the basis for dynamic controls to establish adaptive trust. This concept starts with the assumption of zero trust, but expands as information regarding the behavior of the device, user, or application expands.

A future blog in the series will focus on how this trust is the baseline for then automating security actions. We’ll also discuss how Cisco ASA now delivers on the promise of threat-centric security with superior multilayered protection against known and emerging threats.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.